General
Target: 2d989a1638a922a23b2b0efe882765501c18745bdee68fadee45f835b1772337
Size: 686KB
Sample: 220420-czx4rahea4
MD5: f6fc2bfd35390eb8f4a0283736ab4c84
SHA1: ea01609b9d2880306b6fe88d1ac0d2c91a17f7c3
SHA256: 2d989a1638a922a23b2b0efe882765501c18745bdee68fadee45f835b1772337
SHA512: ab086cf364dbab3d37041c2974906e5ca15f1906ec0e77adf7644fa4bb2c8fe7051e65d6181493f0496c2f228e0b5d7caa9984b645f8be8498bd06894af2a76b
Static task: static1
Behavioral task: behavioral1
Sample: Payment.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: ebop.website
Port: 587
Username: [email protected]
Password: P@ssw0rdP@ssw0rd
Targets
Target: Payment.exe
Size: 741KB
MD5: af90c71820ae43a15bc7e9b19a5756b5
SHA1: 14c10d4943fbd06fa014a28e457f7c3559c276ae
SHA256: c578f89d2e9d40571b7abb4839a07f019dcc3bfc37705ee8d9cccfe306432463
SHA512: 9d58b08e2cffc7992cb0347a6ebc7969c7cb6d84b5f949ee25028c250f52cf0f9d2085739fed22081ca551e666277d35b87f170db17aea65b3388c5d0b46f7f5
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext